m0wer on Nostr:

Blockstream Jade Security Disclosure
https://blog.blockstream.com/jade-security-disclosure/

**TL;DR:**

**Vulnerability:** A buffer overflow bug in Jade hardware wallet firmware (versions 1.0.24-1.0.36) that could allow malware on a connected computer/phone to crash the device or potentially extract the user's private keys.

**Practical implications:**
- **Only exploitable if:** Device connected via USB/Bluetooth to malware-infected computer AND device was unlocked on that interface
- **Not vulnerable:** QR-only mode, uninitialized devices, or if using official Blockstream app on clean devices
- **No known exploits** in the wild
- **Fix:** Update to firmware 1.0.38+ immediately (includes anti-rollback protection)
- **Worst case:** Attacker could theoretically steal private keys if sophisticated malware was present

https://stacker.news/items/1350306

Published at
2025-12-17 17:28:21 UTC